[blazar] Why/how does Blazar use Keystone trusts?
Jason Anderson
jasonanderson at uchicago.edu
Tue Nov 12 23:17:00 UTC 2019
Hi Blazar contributors,
We hit an issue today involving trusts in Blazar, where a host couldn't be deleted due to some issue authenticating against the trust associated with the host. We still haven't resolved this issue, but it felt odd to me: why is a trust even involved here?
I have often wondered what the reason is for using trusts in Blazar, as I can't think of anything Blazar is doing that could not be done by the Blazar system user (and in fact, many operations are done via this user... via another trust.) There are also issues where a user leaves a project before their leases have ended; in this case Blazar has difficulty cleaning up because it tries to resurrect a trust that is not tied to a valid user/project relationship.
Does anybody have context on to how trusts are used in Blazar and if they are still necessary? Does it make sense to remove this functionality?
Thank you,
--
Jason Anderson
Chameleon DevOps Lead
Consortium for Advanced Science and Engineering, The University of Chicago
Mathematics & Computer Science Division, Argonne National Laboratory
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20191112/079e84ae/attachment-0001.html>
More information about the openstack-discuss
mailing list